Test cases - NIST Software Assurance Reference Dataset

Displaying test cases 9701 - 9725 of 9725 in total

CWE-114

61956-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 17 Control flow: for loops
CWE-114

61955-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 16 Control flow: while(1)
CWE-114

61954-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 15 Control flow: switch(6)
CWE-114

61953-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 14 Control flow: if(globalFive==5) and if(globalFive!=5)
CWE-114

61952-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 13 Control flow: if(GLOBAL_CONST_FIVE==5) and if(GLOBAL_CONST_FIVE!=5)
CWE-114

61951-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 12 Control flow: if(globalReturnsTrueOrFalse())
CWE-114

61950-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 11 Control flow: if(globalReturnsTrue()) and if(globalReturnsFalse())
CWE-114

61949-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 10 Control flow: if(globalTrue) and if(globalFalse)
CWE-114

61948-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 09 Control flow: if(GLOBAL_CONST_TRUE) and if(GLOBAL_CONST_FALSE)
CWE-114

61947-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 08 Control flow: if(staticReturnsTrue()) and if(staticReturnsFalse())
CWE-114

61946-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 07 Control flow: if(staticFive==5) and if(staticFive!=5)
CWE-114

61945-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 06 Control flow: if(STATIC_CONST_FIVE==5) and if(STATIC_CONST_FIVE!=5)
CWE-114

61944-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 05 Control flow: if(staticTrue) and if(staticFalse)
CWE-114

61943-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 04 Control flow: if(STATIC_CONST_TRUE) and if(STATIC_CONST_FALSE)
CWE-114

61942-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 03 Control flow: if(5==5) and if(5!=5)
CWE-114

61941-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 02 Control flow: if(1) and if(0)
CWE-114

61940-v1.0.0

Added 12 years ago

accepted

mixed

CWE: 114 Process Control BadSource: connect_socket Read data using a connect socket (client side) GoodSource: Hard code the full pathname to the library Sink: BadSink : Load a dynamic link library Flow Variant: 01 Baseline
CWE-378

2016-v2.0.0

Added 17 years ago

candidate

bad

Tempfile creation should be done in a safe way. To be safe, the temp file function should open up the temp file with appropriate access control. The temp file function should also retain this quality, while being resistant to race conditions. (from TCCLASP-5_6_20_10) (CWE 378)
CWE-391

1739-v1.0.0

Added 18 years ago

accepted

bad

Test of tool ability to identify an unchecked error condition.
CWE-367

1517-v1.0.0

Added 19 years ago

candidate

bad

Because of the test for file existence in lines 33 and 35 and the file open on line 36 both use file names. This code contains a TOCTOU - Time of check, Time of use - vulnerability. The code can be exploited by the creation of a symbolic link with the name of the file. From "Secure Coding in C an...
CWE-134

1515-v1.0.0

Added 19 years ago

candidate

bad

Extremly insecure stdio implementation. The program reads a filename from stdin on line 26 and attemps to open the file on line 26. This program is vulnerable to buffer overflows on line 26 and format string exploit on line 30. From \"Secure Coding in C and C \" by Robert C. Seacord. Page 215, ...
CWE-119

1510-v1.0.0

Added 19 years ago

candidate

bad

Exploit of buffer overflow in dynamic memory on Windows. This exploit requires that the overwriten memory adress is executable. The HeapFree() on line 38 creates a gap in the contiguous allocated memory. The memcpy() on line 39 is an example of exploit. The first 16 bytes of malArg overwrite the ...
1503-v1.0.0

Added 19 years ago

candidate

good

The semantics of virtual functions. As most C++ compilers implement virtual functions using a Virtual Function Table (VTBL). The VTBL is an array of function pointers that is used at runtime for dispatching virtual function calls. It"s possible to overwrite function pointers in the VTBL or change...
CWE-822

1501-v1.0.0

Added 19 years ago

candidate

bad

Modifying the instruction pointer. The invocation through the function pointer funcPtr uses an indirect reference, and the address inthe referenced location can be overwritten. As the function pointer address cannot be resolved at compiled time, it can be exploited to transfer control to arbitrar...
CWE-119

1485-v1.0.0

Added 19 years ago

candidate

bad

Buffer overflow by gets() if input is more than 80 characters. From "Secure Coding in C and C++" by Robert C. Seacord. Page 27, Figure 2-1

Results per page